Ethereum: Lido discovers a vulnerability that threatens validators

On the verge of disaster. Lido Finance is a liquid staking protocol on Ethereum. It brings together, in a decentralized manner, the stakers who deposit their ETH and the node operators. However, a recently disclosed flaw could have resulted in the loss of billions of dollars.

A flaw at a Lido node operator

As we discussed in the introduction, Lido is a protocol for decentralized staking. It brings together two groups of market participants: on one side, the ETH holders who want to stake their ETH; on the other, the validators that operate validator nodes using stakers’ ETH as collateral.

On November 22, the Lido DAO revealed that a vulnerability had been discovered at one of the network's node operators: InfStones.

Lido announces the resolution of the vulnerability – Source: X (Twitter).

To understand the situation, let’s go back a few months. In July 2023, the company dWallet Labs alerted InfStones after discovering a vulnerability.

In practice, the vulnerability could have been exploited to steal the private keys of certain validators on Ethereum. According to dWallet, this would represent 1.2% of validators on Ethereum.

Vulnerability Details

As explained by dWallet Labs in its publication, the flaw is located in the Talion open-source library.

Talion runs with administrator privileges on the machines, and it allows arbitrary code to be executed on them. Researchers at dWallet Labs combined these two properties to exploit the vulnerability.

To do this, they scanned the network for vulnerable nodes. They found several InfStones nodes listening on port 55555. After some additional steps, they managed to recover the username and password used to connect to the server.

“At this point we have full control of around 80 nodes, some of which are validators, and we are able to run code on all of them. We immediately contacted InfStones (this was in early July 2023) and reported this initial vulnerability to them.”

dWallet Labs explains.

InfStones, for its part, immediately took the necessary measures: it disabled port 55555 on all of its nodes and removed the Talion library from its systems.

Finally, it performed a complete rotation of the keys and authentication information of the affected nodes.

“Additionally, we have invalidated and modified all credentials on affected node instances to mitigate any potential exposure and secure our system against latent threats.”

InfStones explains.

The Lido protocol, for its part, sought to be reassuring: it assures its customers that there is no indication that keys have leaked or been compromised.

So all's well that ends well, and the worst was avoided, especially since a Lido hack would have been a disaster for the ecosystem. Lido is, after all, the main staking provider on Ethereum. Its competitors, however, try to limit their own impact to reduce centralization, a matter that does not seem to interest Lido.
